1. 06 Oct, 2016 9 commits
    • NXD Teach GitLab about patches · b27dc77e
      Kirill Smelkov authored
      Teach GitLab not only to merge changes from a merge-request, but also to
      apply patches posted to merge-request in a way like `git am` would do -
      without merge commit and directly on top of current branch. Which way to
      go is selected by user in web UI, and apply patches is the first option.
      
      There are 3 cases:
      
      - only 1 commit is present in MR -> the only available option is to
        apply that single commit as one patch without a merge
      
        ( There is no need for merge commit in this case at all: information
          about user who applied the patch goes to "Committer" field in resultant
          commit. Avoiding 1 merge per 1 patch results in cleaner history )
      
        It is also possible to review patch description directly in web UI,
        before doing the actual application, and correct / amend it as needed.
      
      - several commits are present in MR:
      
        * it is possible to apply the patches directly on top of current
          branch. Again information about who applied what goes to "Committer"
          field.
      
        * it is possible to merge MR changes with making a merge commit.
      
          This variant is useful when patches from a MR do several logical
          steps to reach one goal, and MR description contains cover letter for
          whole patch series.
      
          In this case original commits stay untouched and resulting merge
          will contain MR author as author, user who accepted MR as committer,
          and cover letter as merge commit message.
      
          NOTE we avoid useless "Merge branch X into Y" in merge message, and
              just put MR title into merge subject and MR description into merge
              description.
      
              This way it is more logical with more important information in
              merge subject and thus e.g. more handy to oversee what a merge brings,
              just by its subject, e.g. via looking at updates via
      
                  gitk --first-parent ...
      
              or via web.
      
      NOTE for pre-generated references to merge-request we now use full MR
          URL, instead of !<MR-n>. Full URLs work everywhere, not only on
          original site where MR was created, or even only in original repo
          and not its fork on the same site.
    • NXD Show ICP on front page & on footer of every other page · c681bd28
      Kirill Smelkov authored
      TODO detect whether request comes from China and only then show ICP (?).
    • NXD Show "about" footer on every page · 6ffe9528
      Kirill Smelkov authored
      We show in small font size the same info that is shown on sign_in page:
      
          "GitLab Nexedi Edition", "About GitLab" and "About Nexedi"
      
      This is good to have and hereby-introduced about-footer area will be
      also used in the next patch for ICP too.
      
      XXX placement of .about-footer to be near bottom is done not very
      correctly.
    • NXD gitlab:app:check : Don't check for init script · cbaedbf4
      Kirill Smelkov authored
      Like Omnibus, SlapOS version does not have init script - nothing to
      check here.
    • NXD lib/tasks/gitlab/check: Exit with non-zero code, if something failed in a check task · 516a1f56
      Kirill Smelkov authored
      This is handy for monitoring tools, which could e.g. periodically call check
      tasks and instead of parsing output, rely on exit code.
      
      The way we detect if something failed is via hooking into String#red, and if
      anything was ever printed in red - that's an error.
    • NXD clone_panel: Remove SSH option completely · 7d5bed71
      Kirill Smelkov authored
      The default was switched to HTTP in the previous patch, but let's completely
      remove SSH option - we support only HTTP for git fetch/push.
    • NXD Make HTTP to be the default clone protocol · 7a97260f
      Kirill Smelkov authored
      Both fetch and push are possible over https, which is selected by http if
      gitlab was configured to use https in external url.
      
      This way to reduce security vectors and possible ways to interact with gitlab
      we use https only without ssh at all.
    • NXD GitLab Nexedi Edition · e0cdcf81
      Kirill Smelkov authored
      = GitLab Community Edition + Nexedi patches
  2. 19 Aug, 2016 2 commits
  3. 16 Aug, 2016 2 commits
  4. 15 Aug, 2016 1 commit
  5. 30 Jun, 2016 3 commits
  6. 27 Jun, 2016 3 commits
  7. 15 Jun, 2016 1 commit
  8. 14 Jun, 2016 11 commits
    • Merge branch '18535-confidential-issue-notes' into 'master' · ea13df6d
      Robert Speicher authored
      Only show notes through JSON on confidential issues that the user has access to
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/18535
      
      See merge request !1970
    • Update CHANGELOG for 8.8.5 · 778185a8
      Tomasz Maczukin authored
    • Merge branch '17298-wiki-xss' into 'master' · 2da3f392
      Robert Speicher authored
      Forbid scripting for wiki files
      
      Wiki files (not pages - files in the repo) are just sent to the browser
      with whatever content-type the mime_types gem assigns to them based on
      their extension. As this is from the same domain as the GitLab
      application, this is an XSS vulnerability.
      
      Set a CSP forbidding all sources for scripting, CSS, XHR, etc. on these
      files.
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17298.
      
      See merge request !1969
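
An added example (not GitLab's code) of a check for the kind of policy the commit above describes: given the headers of a response that serves a repository file from the application's origin, report which of scripting, CSS and XHR are still permitted. The function names, the sample headers and the policy string `default-src 'none'` are assumptions made for illustration.

```ruby
# Added example, not GitLab's code. All names below are hypothetical.

# Directives matching what the commit message names: scripting, CSS, XHR.
AUDITED = %w[script-src style-src connect-src].freeze

# Constructed sample responses for a wiki file named "payload.html".
UNPROTECTED = { "Content-Type" => "text/html" }.freeze
LOCKED_DOWN = UNPROTECTED.merge(
  "Content-Security-Policy" => "default-src 'none'"
).freeze
PARTIAL = UNPROTECTED.merge(
  "Content-Security-Policy" => "default-src 'none'; script-src 'self'"
).freeze

# Parse a Content-Security-Policy value into { directive => [sources] }.
def parse_csp(value)
  value.to_s.split(";").each_with_object({}) do |part, policy|
    name, *sources = part.strip.split(/\s+/)
    next if name.nil?
    # A repeated directive is ignored by browsers; the first one wins.
    policy[name.downcase] ||= sources
  end
end

# Return the audited directives that still allow at least one source.
# An absent directive falls back to default-src; with no default-src
# either, the browser applies no restriction for that directive.
def permitted_directives(headers)
  header = headers.find { |k, _| k.casecmp?("Content-Security-Policy") }
  policy = parse_csp(header && header[1])
  AUDITED.reject do |directive|
    sources = policy[directive] || policy["default-src"]
    sources && (sources.empty? || sources.map(&:downcase) == ["'none'"])
  end
end
```

A response is locked down in the sense of the commit message only when `permitted_directives` returns an empty list; the `PARTIAL` sample shows how one explicit directive overrides a strict `default-src`.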
    • Merge branch 'fix/unauthorized-access-to-build-data' into 'master' · 6a513927
      Douwe Maan authored
      Remove 'unscoped' from project builds selection
      
      This is a fix for this security bug: https://gitlab.com/gitlab-org/gitlab-ce/issues/18188
      
      /cc @kamil @grzegorz @stanhu
      
      See merge request !1968
    • Merge branch 'fix/incremental-trace-update-api' into 'master' · 767d3223
      Rémy Coutable authored
      Fix UTF-8 handling in incremental trace update API
      
      ## What does this MR do?
      
      This MR fixes invalid UTF-8 handling in incremental trace update API (used by GitLab Runner).
      
      ## Why was this MR needed?
      
      Current version is using `.length` method to determine current trace size where Runner is using the trace size in bytes. Also this byte size is used in headers and file operations to agree the trace part to send. This is a problem when build trace contains any multi-byte UTF-8 characters. This MR is fixing this situation so all parts are using the same size in bytes.
      
      ### Runner -> API communication before fix:
      ```
      Checking for builds... received                     runner=_token_
      gitlab-ci-multi-runner 1.3.0~beta.26.gcfd63b9 (cfd63b9)  build=25 runner=_token_
      Using Docker executor with image debian:jessie ...  build=25 runner=_token_
      Pulling docker image debian:jessie ...              build=25 runner=_token_
      25 Submitting build to coordinator... ok            runner=_token_
      25 Appending trace to coordinator... ok             RemoteRange=0-158 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=0-158 runner=_token_
      25 Appending trace to coordinator... ok             RemoteRange=0-491 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=158-505 runner=_token_
      WARNING: 25 Appending trace to coordinator... range missmatch  RemoteRange=0-491 RemoteState= ResponseMessage=416 Requested Range Not Satisfiable ResponseStatusCode=416 SentRange=505-584 runner=_token_
      WARNING: 25 Resending trace patch due to range missmatch  runner=_token_
      25 Appending trace to coordinator... ok             RemoteRange=0-556 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=491-584 runner=_token_
      WARNING: 25 Appending trace to coordinator... range missmatch  RemoteRange=0-556 RemoteState= ResponseMessage=416 Requested Range Not Satisfiable ResponseStatusCode=416 SentRange=584-663 runner=_token_
      WARNING: 25 Resending trace patch due to range missmatch  runner=_token_
      25 Appending trace to coordinator... ok             RemoteRange=0-621 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=556-663 runner=_token_
      Build succeeded                                     build=25 runner=_token_
      WARNING: 25 Appending trace to coordinator... range missmatch  RemoteRange=0-621 RemoteState= ResponseMessage=416 Requested Range Not Satisfiable ResponseStatusCode=416 SentRange=663-797 runner=_token_
      WARNING: 25 Resending trace patch due to range missmatch  runner=_token_
      25 Appending trace to coordinator... ok             RemoteRange=0-741 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=621-797 runner=_token_
      25 Submitting build to coordinator... ok            runner=_token_
      ```
      
      ### Runner -> API communication after fix:
      ```
      Checking for builds... received                     runner=_token_
      gitlab-ci-multi-runner 1.3.0~beta.26.gcfd63b9 (cfd63b9)  build=26 runner=_token_
      Using Docker executor with image debian:jessie ...  build=26 runner=_token_
      Pulling docker image debian:jessie ...              build=26 runner=_token_
      26 Submitting build to coordinator... ok            runner=_token_
      26 Appending trace to coordinator... ok             RemoteRange=0-158 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=0-158 runner=_token_
      26 Appending trace to coordinator... ok             RemoteRange=0-505 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=158-505 runner=_token_
      26 Appending trace to coordinator... ok             RemoteRange=0-584 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=505-584 runner=_token_
      26 Appending trace to coordinator... ok             RemoteRange=0-663 RemoteState=running ResponseMessage=202 Accepted ResponseStatusCode=202 SentRange=584-663 runner=_token_
      Build succeeded                                     build=26 runner=_token_
      26 Submitting build to coordinator... ok            runner=_token_
      ```
      
      See merge request !4541
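
An added example (a toy model, not GitLab or GitLab Runner code) that reproduces the range mismatch described in the merge request above: the runner counts bytes, and a store that measures its trace with `.length` falls behind as soon as a multi-byte character appears. The class, the method names and the sample output are assumptions.

```ruby
# Added example: a toy coordinator and runner, not GitLab or GitLab Runner code.
# All class and method names here are hypothetical.

# Constructed build output; the check mark is 3 bytes but 1 character in UTF-8.
SAMPLE_CHUNKS = ["plain ascii\n", "✓ ok\n", "done\n"].freeze

class TraceStore
  attr_reader :trace

  # size_method is :length (characters, pre-fix) or :bytesize (bytes, post-fix).
  def initialize(size_method)
    @trace = +""
    @size_method = size_method
  end

  def size
    @trace.public_send(@size_method)
  end

  # Accept a chunk only if it starts exactly where the stored trace ends.
  def append(chunk, offset)
    return [416, size] unless offset == size
    @trace << chunk
    [202, size]
  end
end

# Runner side: offsets are always byte offsets into its own buffer.
def replay(size_method, chunks = SAMPLE_CHUNKS)
  store = TraceStore.new(size_method)
  buffer = +""
  sent = 0
  statuses = []
  chunks.each do |chunk|
    buffer << chunk
    status, remote = store.append(buffer.byteslice(sent, buffer.bytesize - sent), sent)
    statuses << status
    if status == 416
      # Resend from the size the server reported, as in the runner log.
      sent = remote
      status, = store.append(buffer.byteslice(sent, buffer.bytesize - sent), sent)
      statuses << status
    end
    sent = buffer.bytesize if status == 202
  end
  { statuses: statuses, trace: store.trace }
end
```

With `:length` the replay yields a 416 followed by a resend that starts two bytes too early, so the stored trace contains duplicated output; with `:bytesize` every append is accepted and the trace matches what the runner sent.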
    • Merge branch 'gh-disable-webhooks' into 'master' · b6f28a17
      Douwe Maan authored
      Check if GitHub rate limit API was reached before updating Webhooks
      
      ## What does this MR do?
      
      Checks if the job needs to sleep, and wait for the rate limit to be reset before updating each Webhook.
      
      ## Are there points in the code the reviewer needs to double check?
      
      No.
      
      ## Why was this MR needed?
      
      The import process can fail if the API rate limit was reached during the import process.
      
      ## What are the relevant issue numbers?
      
      https://gitlab.com/gitlab-org/gitlab-ce/issues/17498
      
      ## Screenshots (if relevant)
      
      Not relevant.
      
      See merge request !4509
    • Merge branch 'saml-ldap-link-flow' into 'master' · 520a57a1
      Douwe Maan authored
      Adjust the SAML control flow to allow LDAP identities to be added to an existing SAML user.
      
      It correctly lets an existing SAML user add their LDAP identity automatically at login.
      
      A customer had issues with the `auto_link_ldap_user` feature. The flow was not working if there was an account with a SAML identity, but no LDAP identity. GitLab would pick up the correct LDAP person, but due to the order of the flow, that LDAP person was never associated with the user.
      
      Fixes #17346
      
      /cc @dblessing @balameb @stanhu
      
      See merge request !4498
    • Merge branch 'gh-fix-comments-on-diff' · 6e23d642
      Douwe Maan authored
    • Merge branch 'gh-disable-webhooks' · 212ebdfb
      Douwe Maan authored
    • Merge branch 'todos-filter-project-delete' into 'master' · a834be61
      Douwe Maan authored
      Ensure we don't show TODOS for projects pending delete
      
      Joins the todos on the projects table in order to run the default scope. Also includes a where clause because the default scope is being removed soon.
      
      An alternative approach, more like the Issues page, would be to filter down the list by passing user.authorized_projects into the where clause.
      
      Or we could just be more defensive in the view when iterating.
      
      Todos page throws 500 error for users with todos in a project pending deletion.
      
      Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/17813
      
      cc @stanhu
      
      See merge request !4300
    • Merge branch 'gh-rate-limit' · b2404508
      Douwe Maan authored
  9. 09 Jun, 2016 3 commits
  10. 02 Jun, 2016 5 commits